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DETAILED ACTION 

1 . This Office Action is in response to the Amendment filed on 0 1/25/20 1 1 . 

2. In the instant Amendment, claims 1-36 were cancelled; claims 37, 48, 54, and 65 have been 
amended; and claims 37, 54, 71, and 72 are independent claims. Claims 37-72 have been 
examined and are pending. This Action is made FINAL. 



Response to Arguments 

3. Applicants' arguments in the instant Amendment, filed on 01/25/201 1, have been fully 
considered but they are not persuasive. 

Applicants' arguments: 

a. Baehr and Nakae do not teach or suggest "in the absence of an adverse effect, 
directing, by said test facilities, the communication entities not having the adverse 
effect to said set of machines. " 

b. "Nakae 's detecting section 202, however, does not replicate the machine to be 
"protected, and therefore, does not constitute the claimed 'test facilities replicating 
at least one of said machines in said set, ' as claimed in claim 37. " 
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The Examiner disagrees for the following reasons: 

a. Baehr does disclose in the absence of an adverse effect, directing the 
communication entities not having the adverse effect to said set of machines' 
(Baehr: col. 7, lines 39-43; another action can, of course, be to simply pass the 
packet through to its destination [targeted hosts/servers] ; col. 10, lines 27-32; if 
the connection allowed, and then the method tests whether it is an initial 
connection (box 980) - if so, then at box 990 the connection is established). 
Nakae does disclose 'directing, by said test facilities, the communication entities 
not having the adverse effect to said set of machines (Nakae: par. 0448; if it is 
determined that no attack to the piece of request data r(i) has been detected from 
the server operation on the decoy unit 2, then the piece of request data r(i) is 
surely transmitted to the regular server on the internal network 4; see also par. 
0193; since attacks are not detected in the decoy unit 2 while normal accesses are 
being made, the confidence level for the IP address of the ordinary host 302 
increases; the IP packets of the access from the ordinary host 302 are guided to 
the server 401 on the internal network 4). Therefore, the combination of Baehr 
and Nakae does disclose all limitations argued above. 

b. Nakae's decoy unit 2, which includes detecting section 202 and processor 201, 

does replicate the machine to be protected (Nakae: par. 0193; the decoy unit 2 
has been set such that the same processes as the WWW services on the server 401 
are executed by the processor 20 1 of the decoy unit 2; Figs. 1 and 9-11; the decoy 
unit 2 has been set such that the same processes as the WWW services on the 
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server 401 are executed by the processor 201 of the decoy unit 2; par. 0195; the 
decoy unit 2 maybe set completely as a inirror server of the [protectedl server 
401; par. 0457; Fig. 54; on the processor 201 of the decoy unit 2, the same FTP 
services as those of the FTP server 402 are provided [It is clear that decoy unit 2, 
which provides the same services as the protected server 401/402, receives 
message from client device and functions as the same as protected server 401/402 
to detect attacks and to protect server 401/402] ). Therefore, Nakae does disclose 
'test facilities replicating at least one of said machines in said set' as claimed in 
claim 37. 

The Examiner respectfully suggests that the claim be further amended; details in the 
specification be incorporated, to distinguish the claimed invention over prior art of 
record. Should the Applicant desire an interview to further clarify the claim 
interpretation/rejections, please contact the Examiner at (571) 270 5002 to schedule 
an interview. 

4. Applicants' arguments with respect to claims 37-72 have been considered but are moot in 
view of the new ground(s) of rejection. Secondary reference is applied for new ground(s) 
of rejections for amended limitations (i.e., blocking and directing by said test facilities). 
Refer to section 7 below for details. 
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Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. This application currently names joint inventors. In considering patentability of the claims 
under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent 
any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1 .56 to 
point out the inventor and invention dates of each claim that was not commonly owned at 
the time a later invention was made in order for the examiner to consider the applicability 
of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 
103(a). 

7. Claims 37-39, 46-51, 54-56, 63-68, and 71-72 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Baehr et al., (hereinafter "Baehr"), U.S. Patent No. 5,878,231, 
issued on March 02, 1999, in view of Nakae et al., (hereinafter "Nakae"), U.S. Patent 
Application Publication No. 2004/0172557, filed on August 20, 2003. 

• Regarding claim 37, Baehr discloses a method of preventing intrusion in 
communication traffic with a set of machines in a network, said traffic comprising 



Application/Control Number: 10/576,250 Page 6 

Art Unit: 2437 

communication entities (col. 5, lines 7-11; Figs. 6-7; proxy network 445 implemented on 
screening system 340), comprising the steps of: 

providing a test system (col. 5, lines 7-11; Fig. 7; the screen 340 and proxy 
network in a single unit [as a whole, known as test system] ) comprising test facilities 
replicating at least one of said machines in said set (col. 4, lines 27-40 and lines 50-63; 
Figs. 5-6; proxy network may include proxy hosts representing actual hosts, and/or proxy 
hosts with unique server; proxy network 430/445 includes a virtual host mirroring (or 
acting as proxy for) each of a subset (or all) of the hosts found on the private network 330; 
col. 5, lines 7-11; Fig. 7; the proxy hosts 360-380 are emulated by the program 
instructions, so that all of the behavior of any of the actual hosts may be mimicked by a 
virtual proxy host module); 

directing at least part of said communication entities in said traffic toward said 
test system (col. 2, lines 25-36; if the packet's intended destination is a host machine on the 
private network, it may instated be sent aside to a preconfigured host machine on the proxy 
network, which executes appropriate operations that the actual host would execute; col. 4, 
lines 57-60; Figs. 4-7; when a user attempts to access a service or host of the private 
network, the request may be shunted aside to the proxy network to either a mirroring proxy 
host or a unique proxy host; see also col. 6, lines 30-36; see also col. 10, lines 11-34); 

running said communication entities directed toward said test system [[on said 
test facilities]] to detect possibly adverse affects on said test system (col. 6, lines 30-50; 
col. 8, lines 67 to col. 9, lines 1-7; col. 9, liens 26-35; packet inspector 600 includes the 
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instructions for inspecting the contents of the incoming packets based upon the criteria 
discussed above); and 

i) in the presence of an adverse effect, blocking [[, by said test facilities,]] the 
communication entities leading to said adverse effect (col. 6, lines 53-59; this is an 
indication that intruder maybe attempting to breach the private network by masquerading 
as a trusted hot; in this case, the screen 340 should drop the packet without reply; col. 7, 
lines 16-24; packets from any other source will be dropped without ftirther action; col. 7, 
lines 25-29; if a trace_route packet is received, the packet is discarded; see also col. 10, 
lines 27-32), and 

ii) in the absence of an adverse effect, directing [[, by said test facilities,]] the 
communication entities not having the adverse effect to said set of machines (col. 7, lines 
39-43; another action can, of course, be to simply pass the packet through to its destination 
[targeted hosts/servers] ; col. 10, lines 27-32; if the connection is not allowed, it is blocked 
(box 970), but otherwise, it is allowed, and then the method tests whether it is an initial 
connection (box 980) - if so, then at box 990 the connection is established). 

Baehr discloses running said communication entities directed toward said test 
system to detect possibly adverse effects on said test system, as recited above, but does not 
explicitly discloses running said communication entities directed toward said test system 
on said test facilities to detect possibly adverse effects on said test system. Baehr, also 
discloses, blocking the communication entities leading to said adverse affect and directing 
the communication not having the adverse effect to said set of machines, as recited above. 
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but does not explicitly disclose blocking and directing communication entities are 
performed by said test facilities. 

However, in an analogous art, Nakae discloses an attack defending 
system/method including the steps of running said communication entities directed toward 
said test facilities on said test facilities to detect possibly adverse effects on said test system 
(Nakae: pars. 0126-0130; Figs. 7 and 10-11; steps A6-A8; the attack detecting section 202 
of the decoy unit 2 compares the processing status notified from the processor 201 with a 
normal operation definition to determine whether an attack exists; pars. 0153-0157; in the 
decoy unit 2, the processor 201 provides WWW services to the attack-source host 301 and 
sequentially notifies the attack detecting section 202 of the operation status such as file 
accesses and network accesses); blocking, by said test facilities, the communication 
entities leading to said adverse effect (Nakae: par. 0449; when an attack has been detected 
by the decoy unit 2, the connection is immediately blocked; therefore it can be guaranteed 
that no request data thereafter including the piece of request data r(i) will reach the 
regular server); and directing, by said test facilities, the communication entities not having 
the adverse effect to said set of machine (Nakae: par. 0448; if it is determined that no 
attack to the piece of request data r(i) has been detected from the server operation on the 
decoy unit 2, then the piece of request data r(i) is surely transinitted to the regular server 
on the internal network 4; see also par. 0193; since attacks are not detected in the decoy 
unit 2, the confidence level for the IP address of the ordinary host 302 increases; the IP 
packets of the access from the ordinary host 302 are guided to the server 401 on the 
internal network 4). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Nakae with the method and system 
of Baehr to include the steps of running said communication entities directed toward said 
test facilities on said test facilities to detect possibly adverse effects on said test system; 
blocking, by said test facilities, the communication entities leading to said adverse effect; 
and directing, by said test facilities, the communication entities not having the adverse 
effect to said set of machine to provide users with an attack defending system to lure 
suspicious packets into a decoy unit to detect attacks and provide appropriate action to the 
detected attacks (Nakae: pars. 0103-0104). 

• Regarding claim 38, Baehr and Nakae disclose the method of claim 37. 
Baehr further discloses said at least part of said communication entities directed 

toward said test system include communication entities from traffic bound toward said set 
of machines (Baehr: col. 6, lines 29-36; Fig. 6; when a data packet arrives from the public 
network 350 addressed to one of the hosts or server 360-380; such packet typically include 
a sources address, a destination address; see also col. 10, lines 11-18). 

• Regarding claim 39, Baehr and Nakae disclose the method of claim 37. 
Baehr and Nakae further disclose said at least part of said communication 

entities directed toward said test system include communication entities from traffic 
coming from said set of machines (Baehr: col. 8, lines 13-29; upon execution of such 
operations, a proxy host may then return a given packet to the sender, i.e. send the packet 
off with the original sender's address as the destination; that packet will then go through 
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the screen 340, which will subject it to the predetermined inspection criteria, just as when 
it was first received at the screen fi-om, for instance, public network 350; Nakae: pars. 
0509-0512; Fig. 58; the present invention is fiirther provided with a mirroring unit 6901, 
which copies the contents of a file system from the server (for example, an FTP server 402) 
on tiie internal network 4 to at least the decoy unit). 

• Regarding claim 46, Baehr and Nakae disclose the method of claim 37. 
Baehr and Nakae further disclose in the presence of said adverse effect, the step 

of subjecting to a resetting step those of said test facilities in said test system affected by 
said adverse effect (Baehr: col. 6, lines 37-67 to col. 7, lines 1-7; packet is either blocked 
or allowed depending on predetermined criteria and/or predefined table; col. 7, lines 13- 
24; actions are taken on each data packet by the screening system 340, based upon the 
foregoing criteria and the particular security protocol and level for that packet as 
determined in advance by the system administiator; Nakae: pars. 0233-0234;the defense 
rule determination section 1001 instincts the confidence management sections 502 and 701 
to reset a corresponding confidence level depending on an alert received from the decoy 
unit 2 through the control interface 106). 

• Regarding claim 47, Baehr and Nakae disclose the method of claim 37. 
Baehr further discloses the machines in said set comprise facilities exposed to 

said adverse effect as well as additional contents, comprising the step of configuring said 
test facilities in order to replicate said facilities exposed to said adverse effect in the 
machines in said set (Baehr: col. 4, lines 33-63; a proxy network may thus include proxy 
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hosts representing actual hosts, and/or proxy hosts with unique servers, in any combination 
(zero to several of each); whichever configuration is adopted, the private network 330 and 
the proxy network 430 together form a single logical or apparent network 345, i.e. a single 
apparent domain from the point of view of outsiders; see also col. 7, lines 13-24). 

• Regarding claim 48, Baehr and Nakae disclose the method of claim 37. 

Baehr and Nakae further disclose inhibiting said test machines in said test 
facilities from providing responses to said traffic (Baehr: col. 6, lines 53-59; in this case, 
the screen 340 should drop the packet without reply; col. 7, lines 16-24; packets from any 
other source will be dropped without fiirther action; col. 7, lines 25-29; if a frace_route 
packet is received, the packet is discarded; Nakae: par. 0449; when an attack has been 
detected by the decoy unit 2, the connection is immediately blocked; therefore it can be 
guaranteed that no request data thereafter including the piece of request data r(i) will 
reach the regular server). 

• Regarding claim 49, Baehr and Nakae disclose the method of claim 37. 
Baehr further discloses providing an in-line component ensuring said fraffic with 

said set of machines (Baehr: col. 3, lines 59-64; Figs. 5-9; packet screening system 340 
and network interface 1); and 

providing at least one interface interfacing said in-line component with said test 
system (Baehr: col. 3, lines 59-64; Figs. 5-9; packet screening system 340 and network 
interface 2). 
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• Regarding claim 50, Baehr and Nakae disclose the method of claim 49, 
comprising the step of providing feedback from said test system to said in-line component 
via said at least one interface (Baehr: col. 8, lines 5-12; the screen can store information 
about what state each packet is in, and take actions dependent upon that state; see also col. 
7, lines 55-63; packets will normally be logged in the log file storage 640 (especially failed 
attempts or requests), including whatever information the system administrator decides is 
important, such as: time of day; source and destination addresses; requested operation(s)). 

• Regarding claim 51, Baehr and Nakae disclose the method of claim 49. 
Baehr further discloses providing a management network for managing said test 

system (Baehr: col. 7, lines 13-24; administrator is able to select security protocol and 
predefined criteria for packet filtering/processing); and 

providing feedback from said test system to said in-fine component via said 
management network (Baehr: col. 7, lines 55-63; packets will normally be logged in the 
log file storage 640 (especially failed attempts or requests), including whatever 
information the system administrator decides is important, such as: time of day; source and 
destination addresses; requested operation(s); col. 8, lines 5-12; the screen can store 
information about what state each packet is in, and take actions dependent upon that state). 

• Regarding claims 54-56, claims 54-56 are sinular in scope to claims 37-39 
respectively, and are therefore rejected under sinular rationale. 

• Regarding claims 63-68, claims 63-68 are similar in scope to claims 46-51 
respectively, and are therefore rejected under similar rationale. 
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• Regarding claim 71, claim 71 is similar in scope to claim 54 and is therefore 
rejected under similar rationale. 

• Regarding claim 72, claim 72 is similar in scope to claim 37 and is therefore 
rejected under similar rationale. 

8. Claims 40-45, 52-53, 57-62, and 69-70 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Baehr in view of Nakae, as applied to claims 37 and 54 above, and 
further in view of Ramsey etal., (hereinafter "Ramsey"), U.S. Patent No. 7,331,061, filed 
on September 07, 2001. 

• Regarding claim 40, Baehr and Nakae disclose the method of claim 37. 
Baehr and Nakae do not explicitly discloses providing a data base comprising 

patterns representative of forbidden communication entities for communication with said 
set of machines; and blocking forbidden communication entities in said traffic as identified 
by respective patterns included in said data base. 

However, in an analogous art, Ramsey discloses an integrated computer security 
management method including steps of providing a data base comprising patterns 
representative of forbidden communication entities for communication with said set of 
machines (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 18, lines 
29-55; Fig. 5, wherein at least steps 542: signature match? Y/N and profile match: Y/N); 
and blocking forbidden communication entities in said traffic as identified by respective 
patterns included in said data base (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, 
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lines 38-47; col. 17, lines 20-35; Fig. 5; wherein at least steps 514/528/652: deny/reject? 
Y/N). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Ramsey with the method and 
system of Baehr and Nakae to include steps of providing a data base comprising patterns 
representative of forbidden communication entities for communication with said set of 
machines; and blocking forbidden communication entities in said traffic as identified by 
respective patterns included in said data base to provide user with a means for managing 
security information with parallel processing, serial processing, or singular processing by a 
firewall, and IDS, and an AVS (Ramsey: col. 2, lines 63-67). 

• Regarding claim 41, Baehr and Nakae disclose the method of claim 37. 
Baehr and Nakae do not explicitly disclose providing a further data base 
comprising patterns representative of allowed communication entities for communication 
with said set of machines; and allowing communication of allowed communication entities 
in said traffic as identified by respective patterns included in said further data base. 

However, in an analogous art, Ramsey discloses an integrated computer security 
management method including steps of providing a further data base comprising patterns 
representative of allowed communication entities for communication with said set of 
machines (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 18, lines 
29-55; Fig. 5, wherein at least steps 538: compare packet/copy to IDS signature and 542: 
signature match? Y/N and profile match: Y/N); and allowing communication of allowed 
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communication entities in said traffic as identified by respective patterns included in said 
further data base (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 
17, lines 20-35; Fig. 5; wherein at least steps : compare packet/copy to IDS signature; 
552: trust? Y/Nand 514/528/652: deny/reject? Y/N). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Ramsey with the method and 
system of Baehr and Nakae to include steps of providing a further data base comprising 
patterns representative of allowed communication entities for communication with said set 
of machines; and allowing communication of allowed communication entities in said 
traffic as identified by respective patterns included in said further data base to provide user 
with a means for managing security information with parallel processing, serial processing, 
or singular processing by a firewall, and IDS, and an AVS (Ramsey: col. 2, lines 63-67). 

• Regarding claim 42, Baehr, Nakae, and Ramsey disclose the method of claim 

40. 

Baehr and Ramsey further disclose detecting unknown communication entities in 
said traffic as identified by respective unknown patterns not included in said data base 
(Baehr: col. 7, lines 13-29; packages from (or to) any other source (unknown source) will 
be dropped; Ramsey: Fig. 5; wherein at least step 542: 'profile match? Y/N'); and 
directing said unknown communication entities in said tiaffic as identified by respective 
unknown patterns not included in said data base toward said test system to be run on said 
test facilities to detect possibly adverse effects on said test system (Baehr: col. 4, lines 57- 
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60; Figs. 4-7; requests from public network will be forwarded to proxy network; see also 
col. 6, lines 30-36; Ramsey: Fig. 5; wherein at least step 542: 'profile match? Y/N'). 

• Regarding claim 43, Baehr, Nakae, and Ramsey disclose the method of claim 

42. 

Baehr further discloses in the presence of said adverse effect, the step of adding 
to said data base the respective pattern identifying the communication entity leading to said 
adverse effect (Baehr: col. 6, lines 37-59; col. 7, lines 55-63; packets, especially failed 
attempts or requests, are logged in the log file storage 640). 

• Regarding claim 44, Baehr, Nakae, and Ramsey disclose the method of claim 

41. 

Baehr and Ramsey further disclose detecting unknown communication entities in 
said traffic as identified by respective unknown patterns not included in said further data 
base (Baehr: col. 7, lines 13-29; unknown packets are determined by predetermined 
criteria; Ramsey: Fig. 5; wherein at least steps 512 and 552: determine if packet is 
trusted? Y/N); and 

directing said unknown communication entities in said traffic as identified by 
respective unknown patterns not included in said further data base toward said test system 
to be run on said test facilities to detect possibly adverse effects on said test system (Baehr: 
col. 4, lines 57-60; Figs. 4-7; requests from public network will be forwarded to proxy 
network; see also col. 6, lines 30-36). 
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• Regarding claim 45, Baehr, Nakae, and Ramsey disclose the method of claim 

44. 

Baehr and Ramsey further disclose in the absence of said adverse effect, the step 
of adding to said further data base the respective pattern identifying the communication 

entity failing to lead to said adverse effect (Baehr: col. 7, lines 13-29; unknown packets are 
determined by predetermined criteria; Ramsey: col. 12, lines 63-67 to col. 13, lines 1-3; 
updating IDS configuration and/or signature files). 

• Regarding claim 52, Baehr, Nakae, and Ramsey disclose the method of claim 

43. 

Ramsey further discloses providing a parallel intrusion preventing arrangement 
including a respective data base including patterns representative of respective forbidden 
communication entities for communication with a respective set of machines (Ramsey: col. 
16, lines 23-30; parallel processing occurs where the IDS 255 processes the copied packet 
while the actual packet is processed by the firewall 225); and 

in the presence of said adverse effect, transmitting to said parallel intrusion 
preventing arrangement, for inclusion in said respective data base, the respective pattern 
identifying the communication entity leading to said adverse effect (Ramsey: col. 16, lines 
23-60; decision step 512, it is determined whether a packet is 'trusted'). 

• Regarding claim 53, Baehr, Nakae, and Ramsey disclose the method of claim 

45. 
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Ramsey further discloses providing a parallel intrusion preventing arrangement 
including a respective further data base including patterns representative of respective 
allowed communication entities for communication with a respective set of machines 
(Ramsey: col. 16, lines 23-30; col. 19, lines 8-34; parallel processing occurs where the IDS 
255 processes the copied packet while the actual packet is processed by the firewall 225); 
and 

in the absence of said adverse effect, transmitting to said parallel intrusion 
preventing arrangement, for inclusion in said respective further data base, the respective 

pattern identifying the communication entity failing to lead to said adverse effect (Ramsey: 
col. 16, lines 23-60; col. 19, lines 8-34; decision step 512, it is determined whether a 
packet is 'trusted'). 

• Regarding claims 57-62, claims 57-62 are similar in scope to claims 40-45 
respectively, and are therefore rejected under similar rationale. 

• Regarding claims 69-70, claims 69-70 are similar in scope to claims 52-53 
respectively, and are therefore rejected under similar rationale. 
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Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Secondary reference is applied for new ground(s) of rejection for amended 
limitations. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

10. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Luu Pham whose telephone number is 571-270-5002. The examiner 
can normally be reached on Monday through Friday, 8:30 AM - 5:00 PM (EST). 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Shiferaw A. Eleni can be reached on 571-272-3867. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
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applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866- 

217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786-9199 (IN USA 
OR CANADA) or 571-272-1000. 



/Luu Pham/ 
Examiner, Art Unit 2437 
/Eleni A Shiferaw/ 

Supervisory Patent Examiner, Art Unit 2437 



